Uh Oh. 114,000 iPad Owners Have Their Data Exposed By AT&T

In a shocking exclusive from Gawker, AT&T, and possibly Apple, have been party to a massive security lapse that rendered sensitive personal information about tens of thousands of iPad owners vulnerable.

According to the report, a hacking group called Goatse Security found the weakness and data mother-lode by running a script on the AT&T website itself. The group has in the past found and made public security holes in both Safari and Firefox. Dozens of famous people’s information was open up for the taking until the hole was closed.

What information was out there, blowing in the wind? The individual user’s personal email address, and their ID used to authenticate them on AT&T’s network. While Gawker does state that 114,000 user accounts were compromised, it could be that all accounts of iPad 3G owning people in the US were exposed.

Another egg on the face of the usually unflappable Apple. First the iPhone-Gizmodo fiasco, then the collapse of WiFi at the WWDC, and now a gigantic flaw with AT&T that breaks the circle of trust between Apple’s users and the corporation that usually treats them with care. Not what we are accustomed to seeing from Cupertino.

Ryan Tate sums it up succinctly:

At the very least, AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise. This is going to hurt the telecommunications company’s already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple. Exacerbating the situation is that AT&T has not yet notified customers of the breach, judging from the subscribers we and the security group contacted, despite being itself notified at least two days ago. It’s unclear of AT&T has notified Apple of the breach.

In an oddly perverse way, this could work out for the best. This might finally convince enough minds at Apple (or perhaps only one mind needs convincing) that to stick with AT&T exclusively is not a tenable plan for the future. If indeed Apple was not aware of the flaw, then they can be indemnified of poor conduct. If instead they did know, and did not share with the world, shame on them.

This is not the last you will hear of this story. We will bring you updates as they come.